summaryrefslogtreecommitdiff
path: root/CryptoPkg
diff options
context:
space:
mode:
authorYi Li <yi1.li@intel.com>2022-09-26 00:13:05 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2022-10-10 06:29:51 +0000
commit8db4e9f9a0c2ec992e28259ceb7a8eb316716b05 (patch)
tree339426d2c1cbb15e8fb3af6babe63712afdb1979 /CryptoPkg
parentbb78d969b703d0f2b6205d5e3ec3ec8989a2d6c0 (diff)
downloadedk2-8db4e9f9a0c2ec992e28259ceb7a8eb316716b05.zip
edk2-8db4e9f9a0c2ec992e28259ceb7a8eb316716b05.tar.gz
edk2-8db4e9f9a0c2ec992e28259ceb7a8eb316716b05.tar.bz2
CryptoPkg: Add new Tls APIs to DXE and protocol
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r--CryptoPkg/Driver/Crypto.c155
-rw-r--r--CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h5
-rw-r--r--CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c146
-rw-r--r--CryptoPkg/Private/Protocol/Crypto.h136
4 files changed, 435 insertions, 7 deletions
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 7a8266a..f1ff778 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -4239,6 +4239,28 @@ CryptoServiceTlsWrite (
}
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsShutdown (
+ IN VOID *Tls
+ )
+{
+ return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
@@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -4512,6 +4564,59 @@ CryptoServiceTlsSetCertRevocationList (
}
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.EcCurve, TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
Gets the protocol version used by the specified TLS connection.
This function returns the protocol version used by the specified TLS
@@ -4827,6 +4932,44 @@ CryptoServiceTlsGetCertRevocationList (
}
/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ return CALL_BASECRYPTLIB (
+ TlsGet.Services.ExportKey,
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
+/**
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in
@@ -6266,4 +6409,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceEcGenerateKey,
CryptoServiceEcGetPubKey,
CryptoServiceEcDhComputeKey,
+ /// TLS (continued)
+ CryptoServiceTlsShutdown,
+ /// TLS Set (continued)
+ CryptoServiceTlsSetHostPrivateKeyEx,
+ CryptoServiceTlsSetSignatureAlgoList,
+ CryptoServiceTlsSetEcCurve,
+ /// TLS Get (continued)
+ CryptoServiceTlsGetExportKey
};
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 45bafc2..4740589 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -269,6 +269,7 @@ typedef struct {
UINT8 CtrlTrafficIn : 1;
UINT8 Read : 1;
UINT8 Write : 1;
+ UINT8 Shutdown : 1;
} Services;
UINT32 Family;
} Tls;
@@ -285,6 +286,9 @@ typedef struct {
UINT8 HostPublicCert : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 HostPrivateKeyEx : 1;
+ UINT8 SignatureAlgoList : 1;
+ UINT8 EcCurve : 1;
} Services;
UINT32 Family;
} TlsSet;
@@ -303,6 +307,7 @@ typedef struct {
UINT8 HostPublicCert : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 ExportKey : 1;
} Services;
UINT32 Family;
} TlsGet;
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 791e2ef..52b934a 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -3475,6 +3475,28 @@ TlsWrite (
}
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsShutdown (
+ IN VOID *Tls
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
@@ -3699,11 +3721,41 @@ TlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3748,6 +3800,59 @@ TlsSetCertRevocationList (
}
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
Gets the protocol version used by the specified TLS connection.
This function returns the protocol version used by the specified TLS
@@ -4062,6 +4167,43 @@ TlsGetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ CALL_CRYPTO_SERVICE (
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
// =====================================================================================
// Big number primitive
// =====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 2f267c7..6293efa 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -21,7 +21,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 13
+#define EDKII_CRYPTO_VERSION 14
///
/// EDK II Crypto Protocol forward declaration
@@ -3187,6 +3187,25 @@ INTN
);
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SHUTDOWN)(
+ IN VOID *Tls
+ );
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
@@ -3384,11 +3403,38 @@ EFI_STATUS
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX)(
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ );
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3681,6 +3727,82 @@ EFI_STATUS
);
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_EC_CURVE)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_GET_EXPORT_KEY)(
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ );
+
+/**
Gets the CA-supplied certificate revocation list data set in the specified
TLS object.
@@ -4954,6 +5076,14 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey;
EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey;
EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey;
+ /// TLS (continued)
+ EDKII_CRYPTO_TLS_SHUTDOWN TlsShutdown;
+ /// TLS Set (continued)
+ EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX TlsSetHostPrivateKeyEx;
+ EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST TlsSetSignatureAlgoList;
+ EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve;
+ /// TLS Get (continued)
+ EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey;
};
extern GUID gEdkiiCryptoProtocolGuid;